[jira] [Commented] (PROTON-2124) Disable GS2-KRB5 SASL mechanism if it is not explicitly enabled

Thu, 24 Oct 2019 15:56:27 -0700 


    [ 
https://issues.apache.org/jira/browse/PROTON-2124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16959279#comment-16959279
 ] 

ASF subversion and git services commented on PROTON-2124:
---------------------------------------------------------

Commit 2053be544f83b7dee10fa89dc8ec35a21879985a in qpid-proton's branch 
refs/heads/master from Jiří Daněk
[ https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=2053be5 ]

PROTON-2124 Disable GS2-KRB5 and GS2-IAKERB SASL mechanisms if they are not 
explicitly enabled (#199)



> Disable GS2-KRB5 SASL mechanism if it is not explicitly enabled
> ---------------------------------------------------------------
>
>                 Key: PROTON-2124
>                 URL: https://issues.apache.org/jira/browse/PROTON-2124
>             Project: Qpid Proton
>          Issue Type: Improvement
>          Components: proton-c
>            Reporter: Jiri Daněk
>            Assignee: Andrew Stitcher
>            Priority: Major
>              Labels: release-notes, sasl, usability
>             Fix For: proton-c-0.24.0
>
>
> I've noticed two additional kerberos sasl mechanisms that aren't blacklisted
> bq. [0xb80670]:0 <- @sasl-mechanisms(64) 
> [sasl-server-mechanisms=@PN_SYMBOL[:"GS2-IAKERB", :"GS2-KRB5", 
> :"SCRAM-SHA-1", :"SCRAM-SHA-256", :GSSAPI, :"GSS-SPNEGO", :"DIGEST-MD5", 
> :OTP, :"CRAM-MD5", :ANONYMOUS]]
> They are GS2-IAKERB and GS2-KRB5. The GS2-KRB5 is the problematic one, 
> allowing GS2-IAKERB does not stop proton from trying ANONYMOUS eventually.
> When GS2-KRB5 is enabled, I get this failure instead (in ctest tests, test 
> 23, or when connecting {{sender}} example to {{broker}} example)
> bq. 23: amqp:unauthorized-access: SASL(-1): generic failure: GS2 Error: 
> Unspecified GSS failure.  Minor code may provide more information (Ticket 
> expired) (Authentication failed [mech=none])
> I think those must be new. They appear on macOS, or if I install all 
> cyrus-sasl packages on RHEL 7.7 or RHEL 8.1.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to